Netgate SG-1100... amzn.to/40eFAWY X10SDV Motherboard... ebay.us/TVC9Yx (affiliate links) Let me know what other pfsense-related topics you would like to see!
I am deeply grateful, for you have truly been my salvation in this time of strife. Wrestling with the intricacies of this configuration, particularly the VLAN tagging on the pfSense device, has proved most vexing. Yet while many tutorials have demonstrated the process of VLAN creation, not a single one has illuminated the art of managing them or implementing these configurations on the devices of the end users. Thanks again
Thank you, I'm glad I was able to be of help :) If there's anything else you find unanswered elsewhere that would make a good video/discussion, please let me know. I'm always looking for video topic ideas!
Wow, this was the fist time I've realized that "interfaces" in pfSense is NOT ports, it's VLAN interfaces. This clears a lot of my confusion about pfSense rules.
I tried doing this with OPNsense and DD-WRT'd router. Crazy part is, after some trial and many errors, I got it working. Then one day, it just randomly stopped working and I can't get it working again :( Not sure what the issue is. Good explanation of the process and walking through the steps.
I'm a newbie and have a question? I saw a different setting from yours in another article. He only used the System --> Routing function. Your tutorial also adds the function of Interface --> Switches. I don't understand what is difference between of both? In addition, I am setting up a basic network at home to simulate the environment of small and medium-sized enterprises, after asking questions on some blogger. Someone asked me why I need to set up DHCP and ACL on the L3 Switch to control the communication between Vlans when there is a firewall. I don't quite understand this question. I am a newbie, but he did not tell me the reason in detail.
Great video man!! I was wondering what brand of cameras are you using. And DVR software. It seems like there's a bunch of confusion over which ones to get and I would prefer Wifi ones.
It will use the IP of the interface (pfsense) by default for both the Gateway and DNS. You can override it with something different if you wish, such as that of a dedicated DNS server or maybe a separate L3 switch.
@@HomeSysAdmin Yup my cameras have an web API that allows a sync with system time, I just setup a cronjob for that so I wouldn't need anything there. I was killing the internet by setting the DNS to 0.0.0.0 but it keeps getting reset to gateway IP.
@@HomeSysAdmini had a mini machine in the vlan that has a time server that has access to the time server in an other vlan but that was the only thing that has access to the other vlan , I know it’s many vlans but it works well
Is there any chance you can create a video to cover hosting the SVI/RVIs on a switch instead? What differences in configuration do you make on the pfSense?
8:38 These firewall rules are for traffic inside the vlan, exiting the vlan. For your camera vlan shouldn't the source address be the cameras? Then on the wan allow established connections back in?
On the CAMERAS tab that I had in the video, you could set the source to "CAMERAS Net" which would match all IPs on that vlan. You wouldn't want to use "CAMERAS Address" though as that's referring to only the address for which pfsense is assigned on that vlan (the gateway address). I opted to just use an asterisk though as the the rules will only be run on the vlan for which they're assigned, so there will never be a non-vlan address as the source on that interface. I hope that makes sense, it's difficult to explain in words lol. Then for the second part of the question, the rules are applying to traffic originating within the vlan/interface. So in my example, the rules are applying to traffic inside the cameras passing out of the vlan. Once it matches one of the rules and is "out of the vlan/network" it does not need to match any rules in the interface for which it's destined.
Thanks for the great video. Just a small question, if i dont want to use vlan dhcp in vlan? I mean if i have a dhcp server ( example on synology nas) and if i want to use as dhcp this server, how can i continue? note: Synology will not in the same vlan with devices
If you have another DHCP server on your network, you can leave it disabled on the pfsense. You can enable it on the Synology and set the gateway address that gets issued as the IP of the pfsense vlan interface.
@@HomeSysAdmin I have 3 different vlan on pfsense. in this case how can i continue? I mean i can create 3 different pool on synology pool but, on the synology, i can set only 1 vlan interface as a gateway. Or i should set each pfsense vlan interface for the each different pool? Example 192.168.10.1 (VLAN10) 192.168.20.1 (VLAN20) 192.168.30.1 (VLAN30) Created pool on synology like this; 192.168.10.10 - 192.168.10.254 255.255.255.0 192.168.10.1 192.168.20.10 - 192.168.10.254 255.255.255.0 192.168.20.1 192.168.30.10 - 192.168.30.254 255.255.255.0 192.168.30.1 NOTE: Synology connected to LAN network, no any vlan tag
@@HomeSysAdmin It's still not clear for me. Example, My synology nas is member default vlan 1, dhcp is working on the synology and if one device is member of vlan 1, synology can assign an ip to the devices. I want to use this synology dhcp for the vlans, i created pools on synology but it's not assign an ip to the vlan devices. Synology and other vlan devices is not in the same vlan
@@HomeSysAdmin I think i found. It can be possible activate dhcp relay on pfsense. I added synology ip as Upstream Servers in dhcp relay and now it's managing by synology
Is there an alias for this command? The untagged is showing as an invalid input, to I need to be in operator and not manager? Thanks for the video! This is the only one I could find using the HP 2920
The untagged command is pretty much a standard for these switches. You need to be in the context of a vlan though otherwise you may get in invalid command. For example, to set vlan 10 on port 1, you would run - conf terminal vlan 10 untagged 1
I have a cisco sg 350 im doing this with and after setting up the trnk port between pfsense and the switch. Carrying all the tagged vlans, and sw the interface to a vlan that is on pfsense. I am unable to get an ip address via dhcp. Might you know why?
Netgate SG-1100... amzn.to/40eFAWY
X10SDV Motherboard... ebay.us/TVC9Yx (affiliate links)
Let me know what other pfsense-related topics you would like to see!
I am deeply grateful, for you have truly been my salvation in this time of strife. Wrestling with the intricacies of this configuration, particularly the VLAN tagging on the pfSense device, has proved most vexing. Yet while many tutorials have demonstrated the process of VLAN creation, not a single one has illuminated the art of managing them or implementing these configurations on the devices of the end users. Thanks again
Thank you, I'm glad I was able to be of help :) If there's anything else you find unanswered elsewhere that would make a good video/discussion, please let me know. I'm always looking for video topic ideas!
Thanks for the awesome video, helped clear up a few things to do with the switch settings 👍🏼
Wow, this was the fist time I've realized that "interfaces" in pfSense is NOT ports, it's VLAN interfaces. This clears a lot of my confusion about pfSense rules.
Thumbs up 👍 a more appropriate explanation for the DYI perspective.
Thank you. Got the vlan to work in 10 minutes.
Awesome, glad I was able to help! :)
This helped me out so much!! I have a netgate device and couldn’t get the clan to work. Thank you!
its awesome. Create playlists on it.
long time wait for this content
Great video. Just learning vlans. Thankyou.
I tried doing this with OPNsense and DD-WRT'd router. Crazy part is, after some trial and many errors, I got it working. Then one day, it just randomly stopped working and I can't get it working again :( Not sure what the issue is.
Good explanation of the process and walking through the steps.
I'm a newbie and have a question?
I saw a different setting from yours in another article. He only used the System --> Routing function.
Your tutorial also adds the function of Interface --> Switches.
I don't understand what is difference between of both?
In addition, I am setting up a basic network at home to simulate the environment of small and medium-sized enterprises, after asking questions on some blogger. Someone asked me why I need to set up DHCP and ACL on the L3 Switch to control the communication between Vlans when there is a firewall. I don't quite understand this question. I am a newbie, but he did not tell me the reason in detail.
Great video man!! I was wondering what brand of cameras are you using. And DVR software.
It seems like there's a bunch of confusion over which ones to get and I would prefer Wifi ones.
I'm using wired Hikvision cameras with the BlueIris software. The wired cameras are nice as you can power with PoE.
Question about the DHCP Server page. I may have missed it, but did you add the Gateway and DNS as well? Very nice explanation. 👍
It will use the IP of the interface (pfsense) by default for both the Gateway and DNS. You can override it with something different if you wish, such as that of a dedicated DNS server or maybe a separate L3 switch.
This is awesome man. I was wondering what the IP camera vlan consisted of because I want to put my cameras on a similar restrictive network.
Thanks. I didn't have any rules in there originally but got tired of having to change the time twice per year lol.
@@HomeSysAdmin Yup my cameras have an web API that allows a sync with system time, I just setup a cronjob for that so I wouldn't need anything there. I was killing the internet by setting the DNS to 0.0.0.0 but it keeps getting reset to gateway IP.
Your cameras don't support NTP? Mine do but it was defaulted to an internet address. All I had to do was change the NTP location to the pfSense IP.
@@HomeSysAdmini had a mini machine in the vlan that has a time server that has access to the time server in an other vlan but that was the only thing that has access to the other vlan , I know it’s many vlans but it works well
Is there any chance you can create a video to cover hosting the SVI/RVIs on a switch instead? What differences in configuration do you make on the pfSense?
8:38 These firewall rules are for traffic inside the vlan, exiting the vlan.
For your camera vlan shouldn't the source address be the cameras? Then on the wan allow established connections back in?
On the CAMERAS tab that I had in the video, you could set the source to "CAMERAS Net" which would match all IPs on that vlan. You wouldn't want to use "CAMERAS Address" though as that's referring to only the address for which pfsense is assigned on that vlan (the gateway address). I opted to just use an asterisk though as the the rules will only be run on the vlan for which they're assigned, so there will never be a non-vlan address as the source on that interface. I hope that makes sense, it's difficult to explain in words lol.
Then for the second part of the question, the rules are applying to traffic originating within the vlan/interface. So in my example, the rules are applying to traffic inside the cameras passing out of the vlan. Once it matches one of the rules and is "out of the vlan/network" it does not need to match any rules in the interface for which it's destined.
Thanks for the great video. Just a small question, if i dont want to use vlan dhcp in vlan? I mean if i have a dhcp server ( example on synology nas) and if i want to use as dhcp this server, how can i continue? note: Synology will not in the same vlan with devices
If you have another DHCP server on your network, you can leave it disabled on the pfsense. You can enable it on the Synology and set the gateway address that gets issued as the IP of the pfsense vlan interface.
@@HomeSysAdmin I have 3 different vlan on pfsense. in this case how can i continue? I mean i can create 3 different pool on synology pool but, on the synology, i can set only 1 vlan interface as a gateway. Or i should set each pfsense vlan interface for the each different pool? Example
192.168.10.1 (VLAN10)
192.168.20.1 (VLAN20)
192.168.30.1 (VLAN30)
Created pool on synology like this;
192.168.10.10 - 192.168.10.254
255.255.255.0
192.168.10.1
192.168.20.10 - 192.168.10.254
255.255.255.0
192.168.20.1
192.168.30.10 - 192.168.30.254
255.255.255.0
192.168.30.1
NOTE: Synology connected to LAN network, no any vlan tag
@@HomeSysAdmin It's still not clear for me. Example, My synology nas is member default vlan 1, dhcp is working on the synology and if one device is member of vlan 1, synology can assign an ip to the devices. I want to use this synology dhcp for the vlans, i created pools on synology but it's not assign an ip to the vlan devices. Synology and other vlan devices is not in the same vlan
@@HomeSysAdmin I think i found. It can be possible activate dhcp relay on pfsense. I added synology ip as Upstream Servers in dhcp relay and now it's managing by synology
Is there an alias for this command? The untagged is showing as an invalid input, to I need to be in operator and not manager? Thanks for the video! This is the only one I could find using the HP 2920
The untagged command is pretty much a standard for these switches. You need to be in the context of a vlan though otherwise you may get in invalid command. For example, to set vlan 10 on port 1, you would run -
conf terminal
vlan 10
untagged 1
I have a cisco sg 350 im doing this with and after setting up the trnk port between pfsense and the switch. Carrying all the tagged vlans, and sw the interface to a vlan that is on pfsense. I am unable to get an ip address via dhcp. Might you know why?
Hello, so the pfsense router can replace my server 2019 dns and dhcp? I setup vlans on my switch and on the server.
Yes, pfsense has DHCP and DNS with detailed/advanced configuration options for both.
you should make yourself smaller in the video, so we can see more of the screen.
You may have a long lost son who does electrical engineering on UA-cam named @WillProwse
Lol not likely, we're pretty much the same age.